Unicode As Low-level Attack Primitive

Whether it is for applications, operating systems, databases, etc. anything that reads, writes, manipulates data must be using an encoding. On modern days, it …

conf EN 2025 Alexandre Zanni

Video

Trust Me, I’m A ShortCut: New Link Abuse Methods

Windows shortcut (.LNK) files have remained a consistent attack vector for over several decades, yet their underlying format is still largely archaic and remai…

conf EN 2025 Wietze Beukema

Video

Level Up Your Malware: A Practical Journey Into EDR Evasion

Every aspiring penetration tester has encountered this moment: you download a tool from GitHub, execute it, and within seconds, it’s flagged, quarantined, or o…

conf EN 2025 Baptiste Copros

Video

Bacteria : Attacking Bacnet In Modern Building Automation Systems

Building Automation (BA) systems control critical infrastructure in modern buildings,including HVAC, lighting, and access control, yet are often overlooked fro…

conf EN 2025

Video

Project Headend And Then ST16CF54

In November of 1998, David Mordinson wrote the Headend Report on exploiting an ST16CF54 television smart card from Nagra and Dish Network. Years later, this br…

conf EN 2025 Travis Goodspeed

Video

Who Watches The Watchmen ? Reversing Video Surveillance Equipment …

This work presents a comprehensive exploration of techniques for obtaining unrestricted access devices manufactured by Dahua, a video surveillance equipment ma…

conf EN 2025 Antonio Vázquez Blanco

Video

Plugins Gone Rogue: Attacking Developer Environments

Security teams spend countless hours protecting infrastructure, web applications, and networks, but often overlook one critical area: developer environments. I…

conf EN 2025 Raphael Silva

Video

CLFS Uncontained: Exploiting CLFS Without Touching The Log

This talk explores the exploitation of CVE-2025-29824, an use-after-free vulnerability due to a race condition in the Windows CLFS (Common Log File System) dri…

conf EN 2025 Marco Ortisi

Project Brainfog: Beyond The Facade – Exposing Smart Giants

From the research whitepaper: This whitepaper accompanies the original talk and presentation delivered at the conference. It delves into the critical cybersecu…

conf EN 2025 Gjoko Krstic

Video

Guess Who’s Coming To Room 305: Hacking Hotel Doors With Just A Name And a Date

Checking into a hotel should mean a good night’s sleep, not handing your room key to a stranger. But what if we told you that unlocking some hotel doors only t…

conf EN 2025 Fabrice Caralinda

Goodbye Purple Team, Hello Purple Bots

Security teams no longer need to manually configure and perform purple team exercises. It is possible to automate and orchestrate all this flow with a combinat…

conf EN 2025 Ralph El Khoury, Patrick Mkhael

Video

All You Can Leak: Real Tales Of Publicly Leaked Kubernetes Secrets

What happens when Kubernetes clusters and their secrets are a little too accessible? The answer is both alarming and eye-opening. In this talk, we will explor…

conf EN 2025 Guillaume Valadon

Video

Speculative-Execution Attacks And Implications For Confidential Computing

Modern x86_64 processors still expose subtle speculative-execution pathways that can be weaponized even in the presence of today’s strongest branch-predictor b…

conf EN 2025 Kaya Ercihan

Video

Investigating An In-The-Wild Campaign Using RCE In CraftCMS

In mid-February, Orange Cyberdefense’s CSIRT was tasked with investigating a server that had been hosting a now-unavailable website. The site had been built us…

conf EN 2025 Nicolas Bourras

Video

HTTP/3 On The Racetrack – Introducing Quickdraw

HTTP/3 is it a thing? Yes, no hallucinations involved ;) HTTP3 (the third major version of the Hypertext Transfer Protocol) is one of the new protocols in town…

conf EN 2025 Maor Abutbul